authorPascal Quantin <pascal.quantin@gmail.com>2015-05-08 21:14:10 +0200
committerPascal Quantin <pascal.quantin@gmail.com>2015-05-08 19:21:54 +0000
commitdb3412051ff3e20526f2f4bbf11271da4d70ef56 (patch)
tree218940de85477a87b9da0f2f84fced5108850215 /epan/crypt
parentdce4cc675db8f81096095c48a41ae9c628b72c2f (diff)
airpdcap: ensure that buffer put on stack is big enough to hold the result of AirPDcapRsnaPwd2PskStep()
g1439eb6 changed AIRPDCAP_WPA_PSK_LEN from 64 bytes to 32 bytes, leading to stack corruption in the AirPDcapRsnaPwd2Psk() function.

Change-Id: Ibf51f6749715055cd84906a144214ed44c85256b
Reviewed-on: https://code.wireshark.org/review/8358
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Diffstat (limited to 'epan/crypt')
-rw-r--r--epan/crypt/airpdcap.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c
index 5b955fedea..973c0e1acb 100644
--- a/epan/crypt/airpdcap.c
+++ b/epan/crypt/airpdcap.c
@@ -1735,10 +1735,10 @@ AirPDcapRsnaPwd2Psk(
const size_t ssidLength,
UCHAR *output)
{
- UCHAR m_output[AIRPDCAP_WPA_PSK_LEN];
+ UCHAR m_output[2*AIRPDCAP_SHA_DIGEST_LEN];
GByteArray *pp_ba = g_byte_array_new();
- memset(m_output, 0, AIRPDCAP_WPA_PSK_LEN);
+ memset(m_output, 0, 2*AIRPDCAP_SHA_DIGEST_LEN);
if (!uri_str_to_bytes(passphrase, pp_ba)) {
g_byte_array_free(pp_ba, TRUE);
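Review bot: The new size `2*AIRPDCAP_SHA_DIGEST_LEN` is spelled out twice, in the declaration of `m_output` and again in the `memset`, so the two can drift apart the same way the buffer and `AIRPDCAP_WPA_PSK_LEN` did. The clear should be tied to the array itself with `memset(m_output, 0, sizeof m_output);`. Nothing in the hunk says why the buffer holds two digests, so a comment on the declaration such as `/* AirPDcapRsnaPwd2PskStep() writes one SHA-1 digest per call; two calls fill this buffer */` would record the constraint (the calls are outside the hunk, so confirm the wording against them). Since the file already uses GLib, a `G_STATIC_ASSERT(2*AIRPDCAP_SHA_DIGEST_LEN >= AIRPDCAP_WPA_PSK_LEN);` next to it would, assuming the function later copies `AIRPDCAP_WPA_PSK_LEN` bytes out of `m_output`, turn a future constant change into a build failure rather than an out-of-bounds access.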